Authentication Problems

Karen R. Sollins (sollins@lcs.mit.edu)
Tue, 5 Apr 94 18:45:33 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Michael Mealling: "Re: Seattle minutes"
Previous message: Karen R. Sollins: "URC's"
In reply to: Keith Moore: "Re: Authentication Problems"

Date: Tue, 5 Apr 94 18:45:33 -0400

Message-Id: <9404052245.AA26885@zippy.lcs.mit.edu>

From: Karen R. Sollins <sollins@lcs.mit.edu>

To: moore@cs.utk.edu

In-Reply-To: Keith Moore's message of Mon, 04 Apr 1994 14:59:06 -0400 <199404041859.OAA22881@wilma.cs.utk.edu>


Subject: Authentication Problems

From: Keith Moore <moore@cs.utk.edu>
Date: Mon, 04 Apr 1994 14:59:06 -0400
Sender: moore@cs.utk.edu

> I'm taking the liberty of forwarding this message, not because
> it has anything to do with UR*, but becasue it points out the
> problem of authentication of *ANY* resources, in this case, those
> in print form.

Thanks for posting this. Although your example was with print media, it
illustrates a fundamental problem with electronic documents whose contents
are allowed to change over time.

While such documents are both useful and desirable, there is a strong need to
ensure that such documents must remain authentic.

Keith Moore

Because we are now treading into the security area, let's try to use
at least approximately the same terminology as the security community.
This is actually a problem of integrity. There are actually at least
two problems in here that are separable. There is the question of
"Who said it or published it?" - that's a problem of authentication.
Separately, there is the problem in the books that Sally brought up,
which is "Is this what was said?" - integrity of the information.
There is a third there is a problem of privacy which breaks down into
another authentication problem ("Who's asking?") and an access control
problem ("Does that person/principal have permission to access it?")

We are working on some of these (early stages) in the Information
Mesh. I'm sure there are other people working on some of them too.
Cliff Neumann??? Others???

As I mentioned in the IIIR meeting these are all issues that need to
be addressed in a larger architecture. I do NOT believe that they
should be part of a naming and location architecture. On the other
hand, some of this sort of information could be distributed as
meta-information in order to help a potential client of information to
figure out whether to try to access the information.
Karen Sollins

Next message: Michael Mealling: "Re: Seattle minutes"
Previous message: Karen R. Sollins: "URC's"
In reply to: Keith Moore: "Re: Authentication Problems"